Header widget area left
Header widget area right

In addition to compliance outsourcing, all functions of the CMS need to be ordered as modules. An effective CMS is divided into three core functions, which are covered by a total of 6 compliance modules.

COS Compliance Outsourcing

„Awareness & Prevention“

  • Conception and implementation of a compliance risk analysis (Compliance Risk Assessment) to identify compliance risks and define suitable measures for minimizing the identified risks.
  • Conception and implementation of individual compliance training courses for management, executives, and employees.
    Why are regular training courses and seminars essential?
Read here

Many legal requirements are simply ignored in practice due to a lack of knowledge. The law is very complex, altered and expanded regularly. It is therefore crucial that all employees receive regular training on the rules and proper handling of legal risks and develop an understanding of the meaning and purpose of compliance. This task is demanding because the number of legal requirements and duties is constantly increasing.

Example 1

How can I make sure that employees do not behave in a manner that is legally considered unfair or corrupt? And if misconduct does occur, how do I take precautions to ensure that as a board member/managing director I am not accused of it? What do I have to do to avoid being held responsible for organizational faults or breach of my monitoring duties

The black suitcase full of money, which was often quoted in the past, is nowadays very uncommon. Today, corrupt influencing of business decisions takes place in a “smarter” way, e. g. by elaborate invitations to travel, golf events, sports events, etc. The boundary between networking / “customer relations management” and improper influence is often blurred. For example, invitations to the business lounge of a football match can be accepted without any problems in one case, but should rather be refused in another case.

In such situations, the correct understanding in combination with clear rules and guidelines for employees ensures that substantial fines (up to EUR 1 million for a natural person, EUR 10 million for the company) or even imprisonment (e. g. in the case of severe breach of trust) are avoided.

Example 2

What should I do if a competitor proposes to submit a “joint” offer to a customer? Or openly proposes to coordinate offers regarding content and price or to “interpret” tender conditions in a common understanding?

Merely leaving the meeting is not enough! Only written protests or distancing oneself from the proposed course of action can help to free oneself from the situation (in which one might even have gotten unintentionally).

Antitrust violations may, among other things, result in fines that threaten the existence of the company (up to % 10 of the total turnover) or a general exclusion of tenders, etc.

  • Creation of internal communication for specific guidelines aimed at entrepreneurial activities (e. g. Code of Conduct, Anti-Corruption Policy, Grant Policy, Donation Policy, Event Policy, Antitrust Policy, Privacy Policy, Export Policy, etc.) to communicate security of action in everyday business life.
  • Together with C2S2 GmbH, we offer a digital service for the communication of guideline contents to keep the guidelines for employees as understandable and straightforward as possible. The unique thing about it: Rules are communicated in an action-oriented manner. Users receive an answer to concrete, situational questions within seconds.
  • Provision of an individual compliance advisory service for employees.
  • Creation and support of individual “Tone from the Top” communication. Training courses, guidelines, and advice are useless if compliance is not uncompromisingly demanded and exemplified by the Executive Board and management. Communicating expectations to the workforce on a regular basis is essential (so-called “Tone from the Top” communication).

„Detection & Response“

The “Detection & Response” function ensures that existing regulations are also adhered to or systematically clarified and sanctioned in the event of deliberate infringement.

  • The assumption of the function of an independent, external ombudsman
  • Support in the implementation of additional whistleblowing systems
  • Implementation of a suitable whistleblower/case management process in the company
  • Advice on the handling of information and implementation of internal investigations
  • Guidance on appropriate sanctions
  • Implementation of the resulting subsequent measures

Reporting and Certification

  • Provision of a regular, suitable compliance reporting system to the Executive Board or the management and the responsible supervisory bodies of the company.
  • Provision of a (lawyer’ s) activity report, which is also suitable for external verification of the compliance activities carried out in the company
  • Consulting and support of an external certification by an auditing firm according to the IDW-PS-980 or ISO-19600/37001 standard if required

Six compliance modules essentially ensure these functions:


All Services of COS

Compliance Outsourcing

As an “all-round package”, we offer you consulting, the development and operation of a compliance management system (CMS) by means of outsourcing.

Digital Compliance Guide

Always and everywhere know what is possible and what is not:. With the Digital Compliance Guide, you provide your employees with a tool that generates action competence in all situations.


With our Whistleblowing system, companies with at least 50 employees or a yearly revenue of 10M can fulfill the requirements by the EU Whistleblowing Directive already today.

Data Privacy Management

We support you in setting up and operating a GDPR compliant Data Privacy Management in your company.